Transfering ssl certificate issued by a Windows Domain Controller CA to another machine running IIS

sanosuke_kursch

1/9/23, 11:02 AM

I have two AD servers in a domain, both running Windows Server 2019, the second is a Core server configured as a RODC. I have the main server working as a Certification Authority, where I'm supposed to issue the certificates for the internal websites that are running on the Core server. I need to enable SSL on the websites that are running on the Core server, but using the certificates generated on the main server, so far I haven't found a way to do that. The closest I got was through the "Certificates" MMC snap-in, but when I try to import the .pfx file I get the notification that importing a .pfx file to a remote certificate store is not supported. How can I assign these certificates, that are issued and located in the main server, to the websites running on IIS in the Core server?

1 + 0

windows-server-core

ssl-certificate

certificate-authority

iis-10

windows-server-2019

Score:0

Server

Crypt32

1/9/23, 12:12 PM

You can install the PFX on Server Core installation using certutil.exe command-line tool:

certutil -importPFX c:\mypfxx.pfx

provide a password for PFX when prompted. Then you can connect remotely to IIS server using IIS Management Console and create HTTPS binding for website.

0 + 2

sanosuke_kursch

1/9/23, 1:00 PM

I guess I won't be able to use a nice GUI to do that, but at least I got it working with that, thanks.

Crypt32

1/9/23, 1:02 PM

that's correct, you cannot use GUI on server core and cannot use remote Certificate managers to install the certificate remotely, CLI is your the only choice.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Transfering ssl certificate issued by a Windows Domain Controller CA to another machine running IIS

TH: การโอนย้ายใบรับรอง ssl ที่ออกโดย Windows Domain Controller CA ไปยังเครื่องอื่นที่ใช้ IIS

RO: Transferarea certificatului ssl emis de un controler de domeniu Windows CA pe o altă mașină care rulează IIS

RU: Передача ssl-сертификата, выданного ЦС контроллера домена Windows, на другую машину, на которой работает IIS

VI: Chuyển chứng chỉ ssl do Windows Domain Controller CA cấp cho một máy khác đang chạy IIS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.